IRC log of #maemo-ssu for Wednesday, 2013-09-25

« Tuesday, 2013-09-24 Index Thursday, 2013-09-26 »
*** DocScrutinizer51 has quit IRC00:06
*** _nicolai_ has joined #maemo-ssu00:12
*** Vlad_on_the_road has quit IRC00:13
*** DocScrutinizer51 has joined #maemo-ssu00:15
*** robotanarchy has quit IRC00:20
*** sunny_s has quit IRC00:21
*** robotanarchy has joined #maemo-ssu00:21
*** sunny_s has joined #maemo-ssu00:41
*** RST38h has joined #maemo-ssu00:58
*** xes has quit IRC01:08
*** Martix_ has joined #maemo-ssu01:13
*** _rd has quit IRC01:16
*** _rd has joined #maemo-ssu01:19
*** _nicolai_ has quit IRC01:25
*** _rd has quit IRC01:26
*** _rd has joined #maemo-ssu01:29
*** Martix_ has quit IRC01:29
*** jonwil has joined #maemo-ssu01:29
*** _rd has quit IRC01:46
*** LauRoman has quit IRC02:20
*** liambeeblebrox has joined #maemo-ssu02:26
*** sarha has quit IRC02:47
*** XDS2010_ has quit IRC02:47
*** ototo has quit IRC02:47
*** RST38h has quit IRC02:47
*** psycho_oreos has quit IRC02:47
*** peetah has quit IRC02:47
*** chainsawbike has quit IRC02:47
*** gggs has quit IRC02:47
*** DocScrutinizer51 has quit IRC02:47
*** dos1 has quit IRC02:47
*** lrtz has quit IRC02:47
*** T_X_ has quit IRC02:47
*** ototo has joined #maemo-ssu02:47
*** ototo has quit IRC02:47
*** ototo has joined #maemo-ssu02:47
*** T_X_ has joined #maemo-ssu02:54
*** lrtz has joined #maemo-ssu02:54
*** DocScrutinizer51 has joined #maemo-ssu02:54
*** XDS2010_ has joined #maemo-ssu02:54
*** sarha has joined #maemo-ssu02:54
*** RST38h has joined #maemo-ssu02:54
*** peetah has joined #maemo-ssu02:54
*** gggs has joined #maemo-ssu02:54
*** psycho_oreos has joined #maemo-ssu02:54
*** chainsawbike has joined #maemo-ssu02:54
*** M4rtinK has quit IRC03:14
*** liambeeblebrox has quit IRC03:47
*** nox- has quit IRC04:45
*** amiconn has quit IRC05:49
*** amiconn_ has joined #maemo-ssu05:49
*** amiconn_ is now known as amiconn05:49
*** n900-dk has quit IRC06:09
*** n900-dk has joined #maemo-ssu06:18
*** int_ua has joined #maemo-ssu07:33
*** oldtopman has quit IRC08:11
*** LauRoman has joined #maemo-ssu08:55
*** Martix_ has joined #maemo-ssu09:32
*** luf has joined #maemo-ssu09:46
*** Pali has joined #maemo-ssu09:49
*** dos1 has joined #maemo-ssu10:11
*** amiconn has quit IRC10:15
*** dos1 has quit IRC10:19
*** amiconn has joined #maemo-ssu10:21
*** LauRoman has quit IRC10:35
*** Martix_ has quit IRC10:51
*** dos1 has joined #maemo-ssu12:27
*** arcean has joined #maemo-ssu12:35
*** int_ua has quit IRC13:05
*** Martix_ has joined #maemo-ssu13:11
*** lizardo has joined #maemo-ssu13:27
*** Pali has quit IRC13:33
*** Martix_ has quit IRC14:39
*** sunny_s has joined #maemo-ssu14:46
*** arcean has quit IRC15:03
*** mkaindl has joined #maemo-ssu15:08
*** mkaindl has left #maemo-ssu15:10
*** arcean has joined #maemo-ssu15:12
*** lizardo has quit IRC15:23
*** lizardo has joined #maemo-ssu15:26
*** aap has quit IRC15:45
*** Pali has joined #maemo-ssu16:46
*** arcean_ has joined #maemo-ssu16:49
*** arcean has quit IRC16:51
FatPhilWhere's the best place for bug reports?16:52
FatPhilHad some graphical issues with BT pairing UI (and here you say "but we don't have the source to that, ur skroooood")16:52
Palibugs.maemo.org16:54
*** jonwil has quit IRC16:55
FatPhilNot sure which component is to blame - it's a compositor problem (the pairing popup is blurred). Is that a compositor issue, or...16:57
*** Martix_ has joined #maemo-ssu16:58
FatPhilPAli: is there no single sign on across the sites? bugs.m.o doesn't recognise me17:01
*** M13 has joined #maemo-ssu17:01
*** Martix_ has quit IRC17:05
*** Martix_ has joined #maemo-ssu17:05
Paligarage, bmo and tmo have separate accounts17:19
DocScrutinizer05sign on in garage is via your mail account as "nick"17:28
DocScrutinizer05s/garage/bmo/17:28
infobotDocScrutinizer05 meant: sign on in bmo is via your mail account as "nick"17:28
DocScrutinizer05SSO never got implemented, though long pending and planned17:29
FatPhilyup, signed up17:31
DocScrutinizer05:-)17:51
DocScrutinizer05on a general heads-up: malware on your router? http://www.heise.de/ct/artikel/Aufstand-der-Router-1960334.html17:53
DocScrutinizer05that's pretty BAD[TM] and I'm amazed it didn't make it to the general news yet17:53
FatPhilmalware on your hard disk is possible too17:54
FatPhilmalware on your SD+WiFi card is possible too17:54
DocScrutinizer05but your HD is usually not executing it17:55
DocScrutinizer05and even if it were executing it, it's still not exactly simple to inject general purpose malware into the system via the HDD17:55
FatPhilNope, I mean your HD could be running an infected kernel17:56
DocScrutinizer05your router though can run arbitrary sniffers on *all* the traffic not only from your LAN to internet but *also* on your LAN as well, and send all that stuff to arbitrary public servers17:57
FatPhilhttp://hackaday.com/2013/08/02/sprite_tm-ohm2013-talk-hacking-hard-drive-controller-chips/17:57
FatPhilwhich points to http://spritesmods.com/?art=hddhack17:57
DocScrutinizer05I know that article17:58
DocScrutinizer05it's clearly elaborating on how hard it would be to draft an attack on a wide range of targets concurrently17:59
DocScrutinizer05friggin linksys routers are vulnerable via internet17:59
DocScrutinizer05and once compromised/rooted they can siff on *all* your network traffic17:59
DocScrutinizer05this is kinda worse than the windows worms that used dunno port139 or whatever, to propagate without user "support"18:00
DocScrutinizer05c't mag calls it a router-botnet, and heck it IS18:02
DocScrutinizer05and a botnet way worse than any windoze based botnet18:02
DocScrutinizer05since it has full control over all ypour local machines' traffic as well as your traffic and link to the internet18:03
DocScrutinizer05and you can't fight it by any of the usual antivir means18:03
DocScrutinizer05not even detect it18:03
FatPhilWhat's the infection vector? Google translate mentions a web browser, but it's a bit mangled18:04
DocScrutinizer05aiui the vector is a hmtl page used in the dd-wrt config UI, that usually is not supposed to get exposed to global internet, but will allow privilege escalation to everybody when you set router to "remote config allowed"18:06
*** NIN101 has joined #maemo-ssu18:06
DocScrutinizer05of course any virus mail opened in LAN will as well be able to exploit that vector even when no remote config allowed18:06
FatPhilPublicly-visible admin page = turn around, trousers down...18:06
FatPhiltrue18:06
DocScrutinizer05sure18:06
DocScrutinizer05that's not limited to admin pages aiui18:07
DocScrutinizer05there are as well status pages that are not allowed to do any config18:07
FatPhilWell, false. As mail is a sequence of (preferably) text characters, which is never executed18:07
DocScrutinizer05unless your software house sits in Redmond18:07
DocScrutinizer05and your mail client looks out18:08
FatPhilANyone executing code in an email basically has their head in a bag and their legs in the air18:08
DocScrutinizer05sure, *I* know that, and we both know there's legion of those users18:08
DocScrutinizer05html mail with external href=18:10
DocScrutinizer05damage done18:10
FatPhilYEah, and their machines are sending my mail server about 50000+ mails per day :-(18:10
FatPhilSO I do have some interest in wiping them out.18:10
DocScrutinizer05anyway that dd-wrt vulnerabilities are pretty nasty and not at all related to Redmond18:11
DocScrutinizer05I just checked for my router and it turns out the most recent available firmware is 2009-10-1018:12
FatPhilRather disappointing that a 4 year old exploit is still open18:12
DocScrutinizer05yep18:12
FatPhilPresumably you can just log in and change the apache conf files?18:12
DocScrutinizer05yep, I can, but mine isn't vulnerable18:13
DocScrutinizer05at least not in the exposed IP18:13
* FatPhil 's never liked web configuration interfaces anyway. SSH in, edit a config file, and HUP18:13
DocScrutinizer05eventually I gonna check how to fix any possible LAN vulnerability18:14
DocScrutinizer05ack18:14
*** discopig has quit IRC18:14
*** Martix_ has quit IRC18:17
*** Martix has joined #maemo-ssu18:19
*** dos1 has quit IRC18:23
freemangordonyay!!! https://lkml.org/lkml/2013/9/24/31618:34
*** Martix has quit IRC18:43
*** Martix has joined #maemo-ssu19:00
FatPhilThat TI licence is the worst-written English I've ever seen. It's barely parseable, and utterly unenforceable.19:01
*** Martix has quit IRC19:11
*** dos1 has joined #maemo-ssu19:16
kerioDocScrutinizer05: i'm getting more and more convinced that dd-wrt is a piece of crap :v19:21
keriomy router crashes all the time19:21
*** Martix has joined #maemo-ssu19:48
*** Martix_ has joined #maemo-ssu19:49
*** Martix has quit IRC19:53
*** mkaindl has joined #maemo-ssu20:08
*** xes has joined #maemo-ssu20:09
*** Martix_ has quit IRC20:20
*** mkaindl has quit IRC20:23
*** freemangordon_ has joined #maemo-ssu20:26
*** freemangordon has quit IRC20:26
*** Pali has quit IRC20:53
*** Pali has joined #maemo-ssu20:57
*** M4rtinK has joined #maemo-ssu21:03
*** LauRoman has joined #maemo-ssu21:04
*** mkaindl has joined #maemo-ssu21:14
*** mkaindl has quit IRC21:15
*** mkaindl has joined #maemo-ssu21:18
*** discopig has joined #maemo-ssu21:46
*** M13 has quit IRC22:14
*** mkaindl has quit IRC23:01
*** arcean_ has quit IRC23:04
*** kerio has quit IRC23:12
*** kerio has joined #maemo-ssu23:13
*** xes has quit IRC23:14
*** sunny_s has quit IRC23:26
*** xes has joined #maemo-ssu23:26
« Tuesday, 2013-09-24 Index Thursday, 2013-09-26 »

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!